Add information on XDM and other support

1 files changed, 32 insertions, 2 deletions

diff --git a/xml/selinux-faq.xml b/xml/selinux-faq.xml
index 62c2c28..965adca 100644
--- a/xml/selinux-faq.xml
+++ b/xml/selinux-faq.xml
@@ -17,8 +17,8 @@ The FAQ is a collection of solutions found on IRC, mailinglist, forums or
 elsewhere
 </abstract>
 
-<version>20</version>
-<date>2012-02-26</date>
+<version>21</version>
+<date>2012-04-05</date>
 
 <faqindex>
 <title>Questions</title>
@@ -862,5 +862,35 @@ When enabled, enforcing mode cannot be disabled anymore (until you reboot).
 
 </body>
 </section>
+<section id="xdm">
+<title>Logons through xdm (or similar) fail</title>
+<body>
+
+<p>
+If you log on through xdm, gdm, kdm, slim or any other graphical logon manager,
+you might notice in permissive mode that your context is off, and in enforcing
+mode that you just cannot log on.
+</p>
+
+<p>
+The reason of this is that PAM needs to be configured to include SELinux
+awareness in your session handling:
+</p>
+
+<pre caption="Updating pam setting for gdm">
+...
+session  required   pam_loginuid.so
+session  optional   pam_console.so
+<i>session  optional   pam_selinux.so</i>
+</pre>
+
+<p>
+Replicate the calls towards <path>pam_selinux.so</path> in the various
+<path>/etc/pam.d/gdm*</path> files (or similar depending on your graphical
+logon manager).
+</p>
+
+</body>
+</section>
 </chapter>
 </guide>